Commercial Internet Encryption No Match for the NSA, It Turns Out

A new trove of documents from the National Security Agency and its British counterpart, Government Communications Headquarters, shows that the agencies have figured out how to overcome most Internet encryption, designed to keep messages private. Under the code-breaking program, called Bullrun, the NSA uses supercomputers to break encryption codes and works with technology companies to gain access to encrypted data. And the documents, provided to the Guardian by Edward Snowden and shared with the New York Times and ProPublica, show the program has a budget of $255 million this year, compared to the $20 million budget of the PRISM program Snowden revealed earlier, under which the agency collects Internet communications. The new documents “show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects,” the Times reported.

The Guardian outlined in clear bullet points what the new documents reveal about NSA and GCHQ capabilities and the agencies’ attitudes aboutthem:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made “vast amounts” of data collected through internet cable taps newly“exploitable”.

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their productdesigns.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: “Do not ask about or speculate on sources ormethods.”

• The NSA describes strong decryption programs as the “price of admission for the US to maintain unrestricted access to and use ofcyberspace”.

• A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo andFacebook.

What the documents don’t reveal is which companies have cooperated with the NSA in creating weaknesses in encryption codes that the agency could access. That’s a secret even Snowden didn’t have access to. They also don’t offer details on that breakthrough the NSA made in 2010, the Guardian notes. But the upshot is that whatever data we thought was secure under encryption (such as e-mails, medical records, bank transactions, and so on) was likely accessible to theNSA.

The Bullrun program follows a debate in the nineties in which the NSA wanted to install a “backdoor” it could access in encrypted software, called the clipper chip. That effort failed, but as cryptographer Paul Kocher told the Times, “they went and did it anyway, without telling anyone.” But while the contents of the documents will shock many, their release can’t come as a total surprise. Greenwald did say Snowden had more to leak, and so hehas.